From 27292af1f4b84aa2054d37839a907382ac6bc483 Mon Sep 17 00:00:00 2001
From: sharath reddy <bs.reddy@huawei.com>
Date: Tue, 26 Apr 2022 11:32:13 +0530
Subject: Changed the code to not log user-controlled data.

Issue-ID: VNFSDK-834

Signed-off-by: sharath reddy <bs.reddy@huawei.com>
Change-Id: If24a646ce4d8b239f1866c6fb7b446f0ce2e3f53
---
 .../onap/vnfsdk/marketplace/db/wrapper/PackageHandler.java   | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/db/wrapper/PackageHandler.java b/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/db/wrapper/PackageHandler.java
index 5fb41dde..c3cd60be 100644
--- a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/db/wrapper/PackageHandler.java
+++ b/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/db/wrapper/PackageHandler.java
@@ -17,7 +17,9 @@ package org.onap.vnfsdk.marketplace.db.wrapper;
 
 import java.util.ArrayList;
 import java.util.List;
+import java.util.Objects;
 
+import org.apache.commons.lang3.StringUtils;
 import org.onap.vnfsdk.marketplace.db.common.MarketplaceResourceType;
 import org.onap.vnfsdk.marketplace.db.entity.PackageData;
 import org.onap.vnfsdk.marketplace.db.exception.MarketplaceResourceException;
@@ -74,11 +76,18 @@ public class PackageHandler extends BaseHandler<PackageData> {
      * @return PackageData list
      * @throws MarketplaceResourceException e
      */
+    private String loggerPatternBreaking(String loggerInput) {
+return Objects.nonNull(loggerInput) ? loggerInput.replaceAll("[\n\r\t]", "_") : StringUtils.EMPTY;
+
+}
+
     public List<PackageData> queryByID(String csarID)
             throws MarketplaceResourceException {
         logger.info("packageHandler:start query package info.");
         List<PackageData> data = new ArrayList<>();
-        logger.info("packageHandler:start query data .info:{}" , csarID);
+        if (logger.isInfoEnabled()) {
+        logger.info("packageHandler:start query data .info:{}" , loggerPatternBreaking(csarID));
+        }
         IMarketplaceDao dao = new MarketplaceDaoImpl();
         Object result = dao.getPackageData(csarID);
         if (result != null) {
@@ -96,4 +105,3 @@ public class PackageHandler extends BaseHandler<PackageData> {
         throw new UnsupportedOperationException();
     }
 }
-
-- 
cgit 1.2.3-korg